Lucene search

[email protected]NVD:CVE-2019-20446

HistoryFeb 02, 2020 - 2:15 p.m.

CVE-2019-20446

2020-02-0214:15:10

CWE-400

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

73.4%

JSON

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Affected configurations

Nvd

Node

gnomelibrsvgRange<2.40.21

gnomelibrsvgRange2.42.0–2.42.8

gnomelibrsvgRange2.44.0–2.44.16

Node

opensuseleapMatch15.1

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

Node

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

VendorProductVersionCPE
gnomelibrsvg*cpe:2.3:a:gnome:librsvg:*:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
canonicalubuntu_linux16.04cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Vendor	Product	Version	CPE
gnome	librsvg	*	cpe:2.3:a:gnome:librsvg::::::::
opensuse	leap	15.1	cpe:2.3:o:opensuse:leap:15.1:::::::*
fedoraproject	fedora	30	cpe:2.3:o:fedoraproject:fedora:30:::::::*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
canonical	ubuntu_linux	16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::